TroveStar Security
Published: 2016-03-20 - By: gdm
Last updated on: 2018-12-06
Last updated on: 2018-12-06
visibility: Public
TroveStar Security
There are two related topics that pertain to TroveStar security. The first topic is login information and the second is general data.
Login information is not stored in TroveStar and is not at risk to a data breach. TroveStar uses Google’s single-sign-on protocol which permits the TroveStar server to ask whether a given user has authenticated through Google or not. Google does not share any password information with TroveStar and explicitly keeps that information within Google’s most secure data repositories. Google does share the gmail address and the google id with TroveStar. The Google ID is merely a numeric representation of the email address and similarly does not permit TroveStar access to any data beyond the email address. This makes TroveStar safer by outsourcing all password and authentication information to one of the world leaders in data security, Google. This means that even if all data within the website were compromised, the thief would only have access to the user’s email address. Nothing more.
Separately all collection information is stored in a SQL database hosted in a secure cloud facility. Nevertheless the data can theoretically be corrupted or erased by a malicious actor. For this reason, regular snapshots are taken of the database so that if you spent hours entering specifics about your train collection and it were wiped out, we could restore the data from a secure checkpoint. User do have the ability to enter any data they wish into the database, so we suggest NOT creating checklists of people’s social security numbers, home addresses or anything else they wouldn’t be equally comfortable placing on Facebook.
Login information is not stored in TroveStar and is not at risk to a data breach. TroveStar uses Google’s single-sign-on protocol which permits the TroveStar server to ask whether a given user has authenticated through Google or not. Google does not share any password information with TroveStar and explicitly keeps that information within Google’s most secure data repositories. Google does share the gmail address and the google id with TroveStar. The Google ID is merely a numeric representation of the email address and similarly does not permit TroveStar access to any data beyond the email address. This makes TroveStar safer by outsourcing all password and authentication information to one of the world leaders in data security, Google. This means that even if all data within the website were compromised, the thief would only have access to the user’s email address. Nothing more.
Separately all collection information is stored in a SQL database hosted in a secure cloud facility. Nevertheless the data can theoretically be corrupted or erased by a malicious actor. For this reason, regular snapshots are taken of the database so that if you spent hours entering specifics about your train collection and it were wiped out, we could restore the data from a secure checkpoint. User do have the ability to enter any data they wish into the database, so we suggest NOT creating checklists of people’s social security numbers, home addresses or anything else they wouldn’t be equally comfortable placing on Facebook.